RSA Conference 2016 - The Expo!

We were at RSA Conference in San Francisco last week, keeping current with the latest developments in the information security industry. With 40,000 attendees, this is one of the biggest annual events focused on security. This post focuses on the vendor expo, but see our RSA wrap-up for other observations from the event and links to our detailed analysis of some of the content.

The expo at this year's RSA Conference was bigger than ever. It filled both of the giant expo halls at San Francisco's Moscone Center (over 450,000 square feet), and was simply overwhelming. Over 550 companies and organizations participated, and some of the booths were mind-bogglingly big, complicated, and elaborate.

Attending an expo like this is not only a good way to learn a little bit about lots of different companies and their products. It is also a good way of assessing what the trends are in the security industry and the direction in which the various security vendors are trying to lead their customers (for better for worse). Going from one booth to the next, you can spot common, repeated sales pitches and value propositions.

So here are some of the key trends we saw on the expo floor at RSA Conference this year:
  • "Next Generation Endpoint Security" and other "next generation" technologies. Without specifying a number of generations, what is 'next generation,' precisely? These are fairly amorphous categories at best, which is fine as long as vendors are clear that is the case. Many of these vendors really are pushing new and useful technologies that go beyond what the diminishing returns of signature-based malware detection. But as usual, cutting through the hype to find what is truly useful can be challenging.

  • Security Platforms. Many vendors, including Cisco, IBM, and Qualys, seem to be intently focused on representing themselves as offering an integrated security platform from top to bottom. On deeper analysis, I don't see any of these vendors currently being able to really back that claim up to the point where they could be your sole security vendor. In fact, Intel/McAfee was, up until recently, the closest thing out there, but they have divested themselves of much of their network security business (firewall, IDS/IPS, etc.) I think that diversity is a good thing, with different vendors specializing in what they do best. But having a diverse vendor landscape like that also calls for a need for integration of and information exchange between different vendors over open protocols and standards.

  • "Intelligence-driven." The past year or two, there were a lot of companies and products based around threat intelligence (more often, these were what could be properly termed as "threat data.") Experience has shown that intelligence alone does not make much of a security product, as most enterprise consumers didn't know how to operationalize it in a meaningful way. What we're seeing more of now is the established vendors in the network and host security space are integrating threat data feeds in order to offer built-in operationalized intelligence. Honestly, it seems to me that threat data is just a newer version of the old strategy of signatures and blacklists. 

  • "Cloud-based." Cloud has fully caught on in the security products realm, and most functionality you would normally think of in terms of security products, such as firewall, intrusion detection, proxy, anti-malware, analysis, and more, is available in a fully or partly cloud-based form. One advantage of hosting security functionality in the cloud is that it naturally makes it easier to support mobile devices and other devices that are not present on the inside of the organizational LAN. Which brings us to our next point:

  • Mobile. Mobile devices are an integral part of the workflow at most organizations now, and many are connecting from outside the corporate LAN all or most of the time. As a result, it is hard for security product vendors to remain competitive if they don't incorporate coverage for mobile devices. Asset management, anti-malware, VPN, proxy, and firewall vendors are increasingly incorporating features to help manage and secure mobile devices.

Comments

Post a Comment

Popular posts from this blog

Weekly Infosec News Brief: 14-20 March

Image
Major Media Websites Caught up inNew Malicious Advertising Attacks Last week multiple major advertising networks, including Google's DoubleClick, AppNexus, Rubicon, and AOL were abused by attackers to serve up malicious advertisements on major media sites. These malicious advertisements were redirecting to the "Angler" exploit kit, which uses multiple means to attempt to compromise a browser and install malware. While such malicious ads are common on smaller websites, they are not unheard-of on major media sites. This outbreak, however, was unusually large and long-lived, lasting at least the better part of two days. Given how common malicious web ads are, some security experts are recommending the use of ad blocking technology in web browsers. http://www.computerworld.com/article/3044565/security/advertising-based-cyberattacks-hit-bbc-new-york-times-msn.html Malicious Macros in Word Documents Used to Install Malware with No Files Needed Everything old is new a
Read more

Weekly Infosec News Brief 20-26 July

Image
FBI Sees Massive Increase in Espionage, Including Industrial Espionage, Against the US The FBI on Thursday issued a press release discussing what they believe is an increasing threat of economic espionage against US companies. They estimate that such espionage may cost the US as much as "hundreds of billions" of dollars a year. This espionage is not just directed against large industrial companies, but any place where trade secrets and innovations might be found, including third-party organizations (e.g. business partners, vendors, consultants, lawyers, etc.) affiliated with targeted companies. A key take-away is that the threat is more widespread than most people think, and that few organizations are immune. https://www.fbi.gov/news/pressrel/press-releases/fbi-announces-economic-espionage-awareness-campaign http://www.cnn.com/2015/07/24/politics/fbi-economic-espionage/ Microsoft Releases Out-of-Cycle Patch for Critical Font Driver Bug A flaw uncovered in connecti
Read more

Weekly Infosec News Brief: 22-28 February

Image
Ransomware Observed to Jump from One Device to Another via the Cloud Researchers described last week an incident where they observed malicious "ransomware" propagating from one device to another via cloud-based file synchronization. When the ransomware encrypted files on one machine that synchronized files to a specific folder, it spread to other PCs that synchronized to that same folder. This type of phenomenon is simply another reason for organizations to serious consider limiting or eliminating the use of such file-synchronizing software within their networks. http://www.scmagazine.com/researchers-confirm-cases-of-ransomware-encryption-jumping-devices-via-cloud-apps/article/479572/ New OpenSSL Patches Soon to Come The OpenSSL project team announced last Thursday that they are working on patches to fix at least two "high" severity vulnerabilities in OpenSSL. This is the software that powers the cryptographic security layer of many web servers, browser
Read more